
Internet Hoax

1.0 Description

The internet is constantly being flooded with information about computer viruses and Trojans. However, interspersed among real virus notices are computer virus hoaxes. While these hoaxes do not infect systems, they are time-consuming and costly to handle.

Users are requested not to spread unconfirmed warnings about viruses and Trojans. If you receive an unvalidated warning, don't pass it to all your friends; pass it to your computer security manager or ISP to validate first. Validated warnings from the incident response teams and antivirus vendors have valid return addresses and are usually PGP signed with the organization's key.

2.0 Hoax Definition

Hoax warnings are typically 'scare alerts' started by malicious people and passed on by users who think they are helping the community by spreading the warning. Hoaxes are not real viruses, so do not forward hoax messages. There have been cases where e-mail systems collapsed after dozens of users forwarded a false alert to everybody in the company.

Although there are thousands of viruses discovered each year, there are still some that exist only in the imaginations of the public and the press. This is the comprehensive list of viruses that DO NOT EXIST, despite rumors of their creation and distribution. Please refer here for a list of known computer virus hoaxes.

Ignore any messages regarding these supposed "viruses" and do not pass on any messages about them. Passing on messages about these hoaxes only serves to further propagate them.

3.0 How to Identify a Hoax

  1. Technical sounding language

    For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

  2. Credibility of the sender of the warning

    Check whether the message or warning comes from an authoritative organization that has credibility in this area, such as anti-virus companies, anti-virus vendors, ISPs, or Computer Emergency Response Teams (CERTs).

  3. Check whether the warning urges you to pass it on to your friends and to as many people as possible.

  4. Check whether the warning claims to be a Federal Communications Commission (FCC) warning. According to the FCC, they have not and never will disseminate warnings on viruses. It is not part of their job.

4.0 Validate a Warning

DO NOT circulate virus warnings without first:

  1. Checking with an authoritative source.

    Authoritative sources are computer system security administrators or your computer incident advisory team. Real warnings about viruses and other network problems are issued by different response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP.

  2. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes.

What to Do When You Receive a Warning

Upon receiving a warning:

  1. You should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public key of the team that sent the message. The CIAC key is available at the CIAC home page: CIAC. You can find the addresses of other response teams by connecting to the FIRST web page.

  2. If there is no PGP signature, see if the warning includes the name of the person submitting the original warning. Contact that person to see if he/she really wrote the warning and if he/she really touched the virus. If he/she is passing on a rumor, if the address of the person does not exist, or if there are any questions about the authenticity of the warning, do not circulate it to others. Instead, send the warning to your computer security manager or your incident response team and let them validate it. Report it to MyCERT by e-mail, fax or telephone, attaching a copy of the hoax for verification. When in doubt, do not send it out to the world.

  3. In addition, most anti-virus companies/vendors maintain web pages containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. Checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300, since there is no released version 3 of PKZip. Another useful web site is the "Computer Virus Myths home page", which contains descriptions of several known hoaxes. In most cases, common sense would eliminate Internet hoaxes.
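
The indicators from section 3.0 and the steps above can be turned into a first-pass triage for a mail gateway or help desk. The following is an added example, not MyCERT's own code; the phrase patterns, function names and sample messages are assumptions constructed for illustration. Note that finding a PGP signature block only tells you there is something to verify: the signature still has to be checked with the PGP software against the team's public key.

```python
import re

# Constructed patterns (assumptions, not exhaustive) for indicators 3 and 4.
FORWARD_RE = re.compile(
    r"\b(forward|pass|send)\s+(this|it)\b.{0,40}"
    r"\b(everyone|everybody|all|friends|as many)\b", re.IGNORECASE | re.DOTALL)
FCC_RE = re.compile(r"\bFCC\b|Federal Communications? Commission", re.IGNORECASE)
AUTHORITIES = ("CIAC", "CERT", "ASSIST", "NASIRC")  # teams named on this page
ARMOR = ("-----BEGIN PGP SIGNED MESSAGE-----",
         "-----BEGIN PGP SIGNATURE-----",
         "-----END PGP SIGNATURE-----")

def has_clearsign_structure(text):
    """True if clear-sign armor markers appear in order.
    Presence only: this says nothing about whether the signature is valid."""
    pos = 0
    for marker in ARMOR:
        pos = text.find(marker, pos)
        if pos == -1:
            return False
        pos += len(marker)
    return True

def triage(text):
    """Return (action, reasons) for a received virus warning."""
    reasons = []
    if FORWARD_RE.search(text):
        reasons.append("urges mass forwarding")
    if FCC_RE.search(text):
        reasons.append("claims to be an FCC warning")
    if not any(re.search(r"\b%s\b" % name, text) for name in AUTHORITIES):
        reasons.append("no response team named")
    if not has_clearsign_structure(text):
        reasons.append("no PGP signature block")
    # A clean, signed message still needs its signature verified before trust.
    action = "send-to-security-team" if reasons else "verify-signature"
    return action, reasons

# Constructed sample messages; the signature body is a placeholder.
HOAX = ("WARNING from the FCC: opening this e-mail will destroy your "
        "processor. Forward this to all your friends!")
SIGNED = (ARMOR[0] + "\nHash: SHA1\n\nCIAC bulletin (constructed sample).\n"
          + ARMOR[1] + "\n(placeholder, not a real signature)\n" + ARMOR[2] + "\n")

if __name__ == "__main__":
    for name, msg in (("hoax", HOAX), ("signed", SIGNED)):
        print(name, triage(msg))
```
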

More Information

For more information on hoaxes, refer to the following links:

  1. CIAC
  2. Computer Virus Myths
  3. Good Times Hoaxes (FAQ)
  4. Hoax Warnings
  5. List of hoaxes
   

Disclaimer | Copyright © 2008 - CyberSecurity Malaysia